ArcGIS for Server (Linux) Security 2016 Update 1 Patch

Summary

This security patch addresses a security vulnerability found in ArcGIS for Server (Linux only). Esri recommends that all customers using ArcGIS Server (Linux) 10.2.2 and 10.3.1 apply this patch. Customers who are using 10.2 or 10.2.1 should first apply 10.2.2. Customers who are using 10.3 should first apply 10.3.1.

Introduction

Esri® announces the ArcGIS for Server (Linux) Security 2016 Update 1 Patch. This patch addresses an XML External Entity (XXE) attack vulnerability that only exists on the Linux installation of ArcGIS for Server. Esri recommends that all customers using ArcGIS for Server (Linux) 10.2.2 and 10.3.1 apply this patch. The patch deals specifically with the issue listed below under Issues Addressed with this patch.
While not required, Esri also recommends that all customers using ArcGIS for Server (Linux) 10.2.2 apply the ArcGIS for Server Security (January 2015) Patch.

Make sure you have write access to your ArcGIS installation location,
and that no one is using ArcGIS.

Extract the specified tar file by typing:

% tar -xvf ArcGIS-<Version>-S-SEC2016U1-Patch-lx.tar

Start the installation by typing:

% ./applypatch

This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.

Patch Updates

Check the Patches and Service Packs page
periodically for the availability of additional patches. New information about
this patch will be posted here.

How to identify which ArcGIS products are installed

To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.